lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 27 Feb 2018 19:52:40 -0800
From:   Roopa Prabhu <roopa@...ulusnetworks.com>
To:     davem@...emloft.net, netdev@...r.kernel.org
Cc:     dsa@...ulusnetworks.com, nikolay@...ulusnetworks.com,
        idosch@...lanox.com, pabeni@...hat.com
Subject: [PATCH net-next v2 0/5] fib_rules: support sport, dport and proto match

From: Roopa Prabhu <roopa@...ulusnetworks.com>

This series extends fib rule match support to include sport, dport
and ip proto match (to complete the 5-tuple match support).
Common use-cases of Policy based routing in the data center require
5-tuple match. The last 2 patches in the series add a call to flow dissect
in the fwd path if required by the installed fib rules (controlled by a flag).

v1:
  - Fix errors reported by kbuild and feedback on RFC
  - extend port match uapi to accomodate port ranges

v2: 
  - address comments from Nikolay, David Ahern and Paolo (Thanks!)

Pending things I will submit separate patches for:
  - extack for fib rules
  - fib rules test (as requested by david ahern)

Roopa Prabhu (5):
  net: fib_rules: support for match on ip_proto, sport and dport
  ipv4: fib_rules: support match on sport, dport and ip proto
  ipv6: fib6_rules: support for match on sport, dport and ip proto
  ipv4: route: dissect flow in input path if fib rules need it
  ipv6: route: dissect flow in input path if fib rules need it

 include/net/fib_rules.h        | 31 +++++++++++++-
 include/net/ip6_route.h        |  3 +-
 include/net/ip_fib.h           |  2 +-
 include/net/netns/ipv4.h       |  1 +
 include/net/netns/ipv6.h       |  1 +
 include/uapi/linux/fib_rules.h |  8 ++++
 net/core/fib_rules.c           | 95 +++++++++++++++++++++++++++++++++++++++++-
 net/ipv4/fib_rules.c           | 15 +++++++
 net/ipv4/fib_semantics.c       |  2 +-
 net/ipv4/route.c               | 52 ++++++++++++++++-------
 net/ipv6/fib6_rules.c          | 14 +++++++
 net/ipv6/icmp.c                |  2 +-
 net/ipv6/route.c               | 45 ++++++++++++++++----
 13 files changed, 241 insertions(+), 30 deletions(-)

-- 
2.1.4

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ